Week 5 In Review – 2016

Hot or Not? The Benefits and Risks of iOS Remote Hot Patching – www.fireeye.com
In this series of articles, FireEye mobile security researchers examine the security risks of iOS apps that employ these alternate solutions for hot patching, and seek to prevent unintended security compromises in the iOS app ecosystem.

Moving to a Plugin-Free Web – blogs.oracle.com
By late 2015, many browser vendors have either removed or announced timelines for the removal of standards based plugin support, eliminating the ability to embed Flash, Silverlight, Java and other plugin based technologies.

Tools

Scan for AXFR DNS replies – scans.io
AXFR is a feature of DNS that is usually not meant to be publicly accessible. However, a large number of DNS servers answer to AXFR requests, most of them probably due to misconfiguration.

cve-search – github.com
A tool to perform local searches for known vulnerabilities

Yara-Scanner – github.com
Yara-Scanner is a Python-based extension that integrates a Yara scanner into Burp Suite.

Damn Vulnerable Safe – www.insinuator.net
The Damn Vulnerable Safe (DVS) is based on a little black safe we bought on the Internet. It has a 12 button pad (0-9, #, *), three hardwired LEDs, a knob for opening the safe and (it had) a physical lock for back up access.

Amazon’s customer service backdoor – medium.com
As a security conscious user who follows the best practices like: using unique passwords, 2FA, only using a secure computer and being able to spot phishing attacks from a mile away, I would have thought my accounts and details would be pretty safe? Wrong.

Coordinating Vulnerabilities in IoT Devices – insights.sei.cmu.edu
The CERT Coordination Center (CERT/CC) has been receiving an increasing number of vulnerability reports regarding Internet of Things devices and other embedded systems. We’ve also been focusing more of our own vulnerability discovery work in that space.

Why J.P. Morgan Chase & Co. Is Spending A Half Billion Dollars On Cybersecurity – www.forbes.com
“J.P. Morgan is going to spend a half-billion dollars on security this year, and we still feel challenged,” Andy Cadel, general counsel, IP and data protection for J.P. Morgan Chase told a crowd of IT professionals at a recent conference titled “Future Ready: The Business of Tomorrow-Today,” which took place at Bloomberg LP headquarters in Manhattan, according to an article in Bloomberg’s Big Law Business.

Norse Corp. Collapsing
Norse Corp., a Foster City, Calif. based cybersecurity firm that has attracted much attention from the news media and investors alike this past year, fired its chief executive officer this week amid a major shakeup that could spell the end of the company. The move comes just weeks after the company laid off almost 30 percent of its staff.
